<?php
/*
PTK  - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/
include("check_session.php");
include("../config/config.inc.php");
include("sanitize.php");
include ("loggerClass.php");
include ("lib_std.php");
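session_start();

/*
 * Password-change endpoint for the logged-in investigator.
 *
 * Flow: verify the session and the anti-CSRF token (max age 300 s), check the
 * current password against the stored hash, then store the hash of the new
 * password. Every outcome ends in a redirect; feedback is passed through
 * $_SESSION['message'] / $_SESSION['warning'].
 */

// Read the token material defensively: a missing key must fail the check,
// not raise a notice and fall through.
$session_token = isset($_SESSION['inv_token']) ? $_SESSION['inv_token'] : null;
$posted_token = isset($_POST['ptktoken']) ? $_POST['ptktoken'] : null;
$token_time = isset($_SESSION['inv_token_time']) ? $_SESSION['inv_token_time'] : 0;
$token_age = time() - $token_time;

// Both values must be non-empty strings and identical. The is_string() guard
// matters: strcmp() on a non-string argument (e.g. a request parameter sent as
// an array) yields NULL on older PHP, and a loose "!= 0" test treats NULL as a
// match, which would let the request through without a valid token.
// Where hash_equals() is available (PHP 5.6+) it is the better comparison.
$token_ok = is_string($session_token) && $session_token !== ''
	&& is_string($posted_token)
	&& $posted_token === $session_token;
// NOTE(review): the token is not cleared here, so it stays usable until it
// ages out; confirm whether other pages rely on reusing it.

if (!isset($_SESSION['user']) || !$token_ok || $token_age > 300){
	new AuditLog('Unauthorized access to update_profile_password ');
	header("location: goto_home.php");
	// Stop here so nothing after the redirect header can run.
	exit;
}

$conn = mysql_connect($db_host, $db_user, $db_password)
or die ("Error connecting to database");
mysql_select_db($db_name);

// The account is taken from the session, never from the request, so a user
// can only change their own password.
$username = mysql_real_escape_string($_SESSION['user']);
$user_id = user_id($username);
$user = user_info($user_id);

// Accept only plain string fields; anything else is treated as empty input.
$raw_passwords = array();
foreach (array('password0', 'password1', 'password2') as $field) {
	$raw_passwords[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}

// NOTE(review): escaping before hashing changes the hashed bytes for passwords
// that contain quotes or backslashes. It is kept because the stored hashes were
// presumably produced the same way - confirm against the login and
// account-creation code before removing it.
$password0 = mysql_real_escape_string($raw_passwords['password0']);
$password1 = mysql_real_escape_string($raw_passwords['password1']);
$password2 = mysql_real_escape_string($raw_passwords['password2']);

// NOTE(review): unsalted SHA-1 is not an adequate password hash. Moving to
// password_hash()/password_verify() needs a coordinated change in the code
// that verifies logins, which is not part of this file.
$old_password = sha1($password0);

// Strict comparison: with "==" two different hex digests that both look like
// numbers in exponent form (0e followed by digits) compare as equal.
$current_ok = isset($user['password'])
	&& is_string($user['password'])
	&& $old_password === $user['password'];

$warning = null;
if (!$current_ok) {
	$warning = "Error: wrong password";
} elseif ($password1 === '') {
	$warning = "Error: new password cannot be empty";
} elseif ($password1 !== $password2) {
	// Previously a mismatch still ran the UPDATE with an undefined hash,
	// overwriting the stored password with an empty string.
	$warning = "Error: new passwords do not match";
} else {
	// $new_password is a hex digest and $username was escaped above.
	$new_password = sha1($password1);
	$query=mysql_query("UPDATE users SET password='$new_password' WHERE username='$username'");
	if (!$query) {
		$warning = "Error: password not changed";
	}
}
mysql_close();

if ($warning === null) {
	$_SESSION['message'] = "Password changed";
	new Log($_SESSION['ip'], $_SESSION['user'], 'Investigator '.$username.' changed his password');
} else {
	$_SESSION['warning'] = $warning;
}
header("location: settings.php");
exit;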
?>